

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class StaticCacheControl implements Filter
{

	@Override
	public void destroy()
	{
		// ig
	}

	@Override
	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException
	{

		HttpServletRequest request = (HttpServletRequest) servletRequest;
		HttpServletResponse response = (HttpServletResponse) servletResponse;

		response.setHeader("X-Content-Type-Options", "nosniff");
		response.setHeader("X-XSS-Protection", "1; mode=block");
		// 使用这个请求头会导致通用接口组件加载不了，等后面可以改成 style-src 'self' 或者直接去掉这个响应头
		response.setHeader("Content-Security-Policy", "default-src 'self'");
		response.setHeader("Referer-Policy", "origin");
		response.setHeader("X-Permitted-Cross-Domain-Policies", "master-only");
		// 浏览器不允许直接打开下载的文件
		response.setHeader("X-Download-Options", "noopen");

		response.setHeader("Strict-Transport-Security", "max-age=63072000; includeSubdomains; preload");
		response.setHeader("X-Frame-Options", "SAMEORIGIN");

		chain.doFilter(request, response);
	}

	@Override
	public void init(FilterConfig filterConfig) throws ServletException
	{
		// ig
	}
}
